(57) ABSTRACT 

The copy protection system is a combination of a signature 
method and a coding or encryption method that uses a 
variable key. The data set is written only onto a predetermined 
device and it is released to a host for reading and 
deciphering only upon proper authorization. Copying of the 
encrypted data set is entirely useless, because the dataset is 
signed with a unique identification (e.g. the serial number) 
of the device. 

7 Claims, 1 Drawing Sheet 
COPY PROTECTION SYSTEM AND 
METHOD 

BACKGROUND OF THE INVENTION 

FIELD OF THE INVENTION 

The invention relates to software piracy prevention. More 
specifically, the invention pertains to a novel method of 
protecting digital data against unauthorized copying and use. 

Digital media have become popular carriers for various 
types of data information. Computer software and audio 
information, for instance, are widely available on optical 
compact disks (CDs). Recently, the digital audio tape (DAT) 
has gained in distribution share. The CD and the DAT utilize 
a common standard for the digital recording of data, 
software, images, and audio. Additional media, such as 
multimedia compact disks (MCD), digital video disks 
(DVD), super density disks, and the like, are making considerable 
gains in the software and data distribution market. 

The substantially superior quality of the digital format as 
compared to the analog format renders the former substantially 
more prone to unauthorized copying and pirating. 
Copying of a digital data stream — whether compressed, 
uncompressed, encrypted or non-encrypted — typically does 
not lead to any appreciable loss of quality in the data. Digital 
copying thus is essentially unlimited in terms of multi-generation 
copying. Analog data with its substantial signal 
to noise ratio, on the other hand, is naturally limited in terms 
of multi-generation and mass copying. 

The advent of the recent popularity in the digital format 
has also brought about a slew of copy protection systems and 
methods. These are generally grouped in categories such as 
encryption, copy protection, and content extensions. 

Prior art methods of preventing unauthorized copying of 
copyrighted and protection-worthy data do not attain a 
particularly high degree of protection. 

Encryption, which is used in the digital and the analog 
format, essentially scrambles the information. The data 
stream can be made usable only with the proper key. It has 
been found that encryption is usually easy to crack. Once the 
key has been found by a copy pirate, the information may be 
freely multiplied without encryption. 

Software copy protection was widely used during the 
early days of the personal computer. However, software 
manufacturers essentially stopped copy protection once it 
was found that, on the one hand, virtually all copy protection 
codes would be quickly broken by hackers and, on the other 
hand, the development of new types of copy protection was 
becoming prohibitively expensive. Furthermore, non-protected 
programs soon turned out to become so widely 
used — even though many copies were unauthorized — that 
the additional sales could largely make up for the bootleg 
losses. 

Several popular programs use a system in which an installation key is delivered with the original program packaging of the data carrier (e.g. CD or floppy). The installation key is required before the program data can be installed on a PC. It is thereby easily possible to copy the key together with the data content of the CD any number of times and to thus distribute and bring into circulation any number of pirated copies.

Another established protection mechanism comprises preventing copying in general with the aid of special protocol conventions. Such protocols have been established, for instance, in the audio application of DAT recorders. As noted above, CD and DAT data formats are substantially identical and, accordingly, multi-generation copying would be possible. In the DAT system, therefore, the CD to be copied is queried for special copy protection information and, if the protection is activated, the DAT recorder is not authorized for copying. Such a method, however, is disadvantageous in that a high degree of discipline with regard to the target devices is necessary. Special anti-copy circuitry must be included in the recorder. Such a system is known as the serial copy management system (SCMS). The end user is not generally interested in those measures. It has been shown that the discipline is not always maintained. In particular, black boxes for filtering the copy-prohibit instruction from the digital signal are widely available. Recently, also, the use of modern PCs makes it possible to easily manipulate such mechanisms and, in the end, to circumvent them.

A prior art copy protection system is described, for instance, in German patent application DE 196 30 755 A1. There, a semiconductor mass storage medium is divided into two memory regions. One of the regions is provided with a non-changeable signature. The signature states whether data can be stored in the primary memory region only with authorization or by anybody. This allows (pirated) copies to be distinguished from the original.

SUMMARY OF THE INVENTION

It is accordingly an object of the invention to provide a copy protection method and system, which overcomes the above-mentioned disadvantages of the heretofore-known devices and methods of this general type and which safely protects against copying of protected data from one medium onto an equivalent storage medium and the identical use of the copied data as the data on the original storage medium. It is a particular object to prevent the reading-out of information while retaining existing protection mechanisms and the subsequent copying of the deciphered data. Finally, it is a specific object of the novel method to prevent copying from one device onto a device of the same type (e.g. multimedia card), i.e. to render the data on the target device unusable.

With the foregoing and other objects in view there is provided, in accordance with the invention, a method of preventing unauthorized copying of data, which comprises:

communicating a unique identification of a device to a content provider;

adding the unique identification as an authenticating signature to a data set to form a signed data set;

copying the signed data set with the unique identification from the content provider to the device;

encoding the data set in the device with the unique identification to form cipher data;

communicating the unique identification of the device to a host; and

reading the cipher data with the host and decoding the cipher data to restore and use the data set in the host.

In accordance with an added feature of the invention, a random number is generated in the host or in the device, and wherein the encoding step comprises encoding the data set with a dynamic key formed with the unique identification and the random number.

In accordance with an additional feature of the invention, the authenticating signature is formed from the unique identification and a private key of the provider, and, following the copying step, the signed data set is checked with the private key against a public key present in the device.
In accordance with another feature of the invention, the signed data set is checked in the device and, if the authenticating signature in the signed data set does not match the unique identification of the device, any output of the data set from the device to the host is blocked.

With the above and other objects in view there is also provided, in accordance with the invention, a copy protection system, comprising:

a device having a unique identification and having an input for receiving signed data formed from a data set and the unique identification;

a controller in the device for authenticating the signed data as authorized data, for storing the data set in the device, and for encoding the data set with a given key to form cipher data;

a host connected to the device, the host receiving the cipher data from the device, deciphering the cipher data, and processing the data set.

In accordance with a concomitant feature of the invention, there is provided a random number generator and a random number generated by the generator is included in the given key to form a dynamic key.

In other words, the invention describes a method in which the device that is to receive data monitors the authorization of the data set to be written by way of a signature, before the data on the device are released for read-out. The signature-check is combined with data enciphering, so that only authenticated data are delivered, in cipher form, from the device to the consuming unit (host).

A part of the signature is a device-specific, non-copyable feature (e.g., the serial number of the device) that identifies each device unambiguously. A further part of the signature is a secret "private key" that is only known to the owner of the data set, i.e., the content provider. The "private key" is combined with the "public key" by way of a one-way function. The public key is present in the device and it cannot be changed.

The device authenticates the data set by way of the signature against its serial number and the public key. The public/private key pair corresponds to a master key that applies to all devices. The device allows writing of only those data that are provided with the valid signature. The signature is established by the owner and the distributor of the data set as follows:

The serial number of the device is communicated to the owner of the data set.

The owner of the data set establishes the signature with the one way function, which contains the following parameters in the argument:

the private key;

the serial number of the target device; and

the data set to be signed.

The user's device receives the data set and checks the signature. The device then releases the data set for read out only upon the successful checking of the signature. The host is allowed to process only data from the signed part of the device that are encrypted with an agreed-upon algorithm. Non-encrypted data or data that are otherwise encrypted are not usable by the host. Non-authenticated data are not output by the device.

The data set that is stored straight in the device is encrypted in dependence on:

the serial number of the device; and

a random number dynamically generated by the host.

Copying of an encoded data set from a device with the protection method to a device in which the (same) protection method is not implemented is possible. However, the data set is not useable because the encryption is device-dependent.

In summary, the invention is essentially a combination of a signature method with an encryption method, which uses variable keys. This achieves the effect that a data set is written only onto a predetermined device and can only be read (deciphered) from that device by the host. Copying of the encrypted data set is thus useless, because the data set is encrypted with the serial number of the device. The result is an effective protection system which is far superior to the methods described in the introduction.

Other features which are considered as characteristic for the invention are set forth in the appended claims.

Although the invention is illustrated and described herein as embodied in a copy protection system and method, it is nevertheless not intended to be limited to the details shown, since various modifications and structural changes may be made therein without departing from the spirit of the invention and within the scope and range of equivalents of the claims.

The construction and method of operation of the invention, however, together with additional objects and advantages thereof will be best understood from the following description of specific embodiments when read in connection with the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic showing data flow between a content provider, a device, and a host; and

FIG. 2 is a schematic diagram of an embodiment of the invention for the common utilization of encrypted data and plain data.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

Referring now to the figures of the drawing in detail and first, particularly, to FIG. 1 thereof, there is seen a system diagram where a content provider 1 prepares data to be communicated to a device 2 from which a host 3 will read [illegible] data content. The term "content provider" refers to the owner of [illegible] (software developer and the software distributor). The term "device" refers to any storage [illegible] controller, such as a multimedia card and the like. The term "host" refers to the machine set that is enabled to read from the device and process/execute the data received from the device, such as a computer, a playstation, or the like. The data are assembled in a processor 5 from a data set 4 (e.g. software program, audio and/or video sequence, a still picture, or the like), a private key, and a unique identification of the device (e.g. serial number). The processor 5 attaches the private key and the device identification to form the signed data with a set algorithm. The specific algorithm is not essential for this description, as long as it is assured that the signature and the public key can be found by the device and properly separated from the data set (decoded). Those of skill in the art will readily know how to implement the data assembly in the processor 5 and the decoding in the device (e.g. RSA, DES, etc).

The thus assembled data, i.e. the signed data, are then transmitted to the device 2. A controller in the device 2 authenticates the signed data by comparison with the device identification (serial number) and the addition of the public key. The controller then writes the data set into a memory 6. From there, the data set is read out and subjected to encrypting before the (encrypted) signal can be read by the host 3.
In addition to encrypting with the serial number of the 
device, a random number is incorporated into the cipher data 
encryption. The random number is output from a random 
number generator 7 in the host 3 or in the device. The 
random number is also used in the deciphering of the cipher 
data. After deciphering in the host, the data set 8 is ready for 
processing or execution. 

Referring now to FIG. 2, there is shown a specific 
embodiment of a combination device, which stores both 
signed and unsigned data. The data input into the device 2 
are first checked for a signature and, if they are signed, for 
authenticity. Unsigned data ("plain data") are stored without 
any changes in a corresponding memory location 9. Signed 
data are also stored in a corresponding memory location 10. 
A signed data set that is recognized as valid is allowed to be 
deciphered and used in the host. In the case of a non-signed 
data set, the data are output by the device in non-encrypted 
form as plain data. This allows signed data to be stored on 
and read from a storage medium together with private data. 
When an encrypted data set is copied as an unsigned data set 
onto the same device (non-signed), then it can no longer be 
deciphered, because the host uses a dynamic key. 

The double arrows between the memory region 9 and the 
host controller (with the device controller in between) 
exemplify the usefulness of the dynamic key used in the 
cipher data exchange between the device and the host. 
Without the dynamic key it would be possible to read signed 
data into the host once and then write the data back into the 
device, or an equivalent device, as plain data. Unbridled 
copying and multiplication would once more be enabled. 
The dynamic key thus prevents such unauthorized multiplication. 
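
The data flow of FIG. 1 and the role of the dynamic key, as an added example that is not part of the patent text: a provider signature bound to one serial number, the device-side check, and read-out under a key formed from the serial number and a host random number. Assumptions: toy textbook RSA stands in for the master key pair, a SHA-256 keystream stands in for the unnamed cipher, and all names, serial numbers and sample data are constructed.

```python
import hashlib, secrets
# Toy textbook-RSA master key pair (constructed; far too small and unpadded
# for real use). Both factors are Mersenne primes.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q                                  # public key part held by every device
D = pow(E, -1, (P - 1) * (Q - 1))          # provider's private exponent

def digest(serial: bytes, data: bytes) -> int:
    # Length-prefix the serial so the serial/data boundary is unambiguous.
    h = hashlib.sha256(len(serial).to_bytes(2, "big") + serial + data)
    return int.from_bytes(h.digest(), "big") % N

def provider_sign(serial: bytes, data: bytes) -> int:
    """Content provider: bind the data set to one device serial number."""
    return pow(digest(serial, data), D, N)

def dynamic_key(serial: bytes, nonce: bytes) -> bytes:
    """Dynamic key formed from the device serial and the random number."""
    return hashlib.sha256(b"dynkey" + serial + nonce).digest()

def xor_stream(key: bytes, data: bytes) -> bytes:
    # SHA-256 in counter mode as a stand-in cipher (the patent names none).
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

class Device:
    def __init__(self, serial: bytes):
        self.serial, self.store = serial, None

    def write_signed(self, data: bytes, sig: int) -> bool:
        """Store only if the signature matches this device's own serial."""
        if pow(sig, E, N) != digest(self.serial, data):
            return False
        self.store = data
        return True

    def read_cipher(self, nonce: bytes):
        """Release stored data only as cipher data under the dynamic key."""
        if self.store is None:
            return None                    # non-authenticated data: no output
        return xor_stream(dynamic_key(self.serial, nonce), self.store)

def host_read(device: Device, serial: bytes):
    """Host: supply a fresh random number, then decipher what comes back."""
    nonce = secrets.token_bytes(16)
    cipher = device.read_cipher(nonce)
    return None if cipher is None else xor_stream(dynamic_key(serial, nonce), cipher)

def demo():
    data = b"constructed sample data set"
    a, b = Device(b"SN-0001"), Device(b"SN-0002")   # constructed serials
    sig = provider_sign(a.serial, data)
    ok_a, ok_b = a.write_signed(data, sig), b.write_signed(data, sig)
    tampered = a.write_signed(data + b"!", sig)     # altered data is refused
    c1, c2 = a.read_cipher(b"\x01" * 16), a.read_cipher(b"\x02" * 16)
    return ok_a, ok_b, tampered, host_read(a, a.serial) == data, c1 != c2
```

The second device refuses the copied signed data set because the signature covers the first device's serial number, and cipher data captured under one random number does not decipher under another, which is the property the dynamic key contributes.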

We claim: 

1. A method of preventing unauthorized copying of data, 
which comprises: 

communicating a unique identification of a device to a 
content provider; 

adding the unique identification as an authenticating signature 
to a data set to form a signed data set; 

copying the signed data set with the unique identification 
from the content provider to the device; 
encoding the data set in the device with the unique 
identification to form cipher data; 

communicating the unique identification of the device to 
a host; and 

reading the cipher data with the host and decoding the 
cipher data to restore and use the data set in the host. 

2. The method according to claim 1, which further comprises 
generating a random number, and wherein the encoding 
step comprises encoding the data set with a dynamic key 
formed with the unique identification and the random number. 

3. The method according to claim 1, which comprises 
forming the authenticating signature from the unique identification 
and a private key of the provider, and, following 
the copying step, checking the signed data set with the 
private key against a public key present in the device. 

4. The method according to claim 1, which comprises 
checking the signed data set in the device and, if the 
authenticating signature in the signed data set does not 
match the unique identification of the device, blocking any 
output of the data set to the host. 

5. A copy protection system, comprising: 

a device having a unique identification and having an 
input for receiving signed data formed from a data set 
and the unique identification; 

a controller in said device for authenticating the signed 
data as authorized data, for storing the data set in said 
device, and for encoding the data set with a given key 
to form cipher data; 

a host connected to said device, said host receiving the 
cipher data from said device, deciphering the cipher 
data, and processing the data set. 

6. The system according to claim 5, wherein said host 
includes a random number generator and a random number 
generated in said host is included in said given key. 

7. The system according to claim 5, which further comprises 
a random number generator for generating a random 
number to be included in said given key. 